Archive

Category Archives for "Networking"

Advanced Threat Intelligence Begins with Network Visibility

The current reality has pushed users, applications, and data to the edge of the network where traditional perimeter security solutions have historically fallen short. Threat actors know this, of course, and have spent the past nine months targeting the weakest link in the security stack: the user. 

Email and web browsing continue to be popular attack vectors. Security vendors have beefed up web and email security, but issues with legacy architectures are letting some attacks slip through. Information and context derived from advanced threat intelligence remain the most powerful weapons in a security team’s arsenal. Advanced technologies such as artificial intelligence and machine learning can help scan, detect, and warn at scale, but they’re not bulletproof. Increasingly sophisticated threat actors, powered by AI and ML, are finding ways to evade threat detection.

Security professionals interested in learning more about the current state of advanced threat inspection, threat intelligence, and the emerging technologies that power these capabilities should check out the following sessions: 

The Promise and Peril of AI for Cybersecurity (ISNS2794) 

Artificial intelligence and machine learning are powerful, indeed essential, components of security  Continue reading

The Senior Trap

How do you become a “senior engineer?” It’s a question I’m asked quite often, actually, and one that deserves a better answer than the one I usually give. Charity recently answered the question in a round-a-bout way in a post discussing the “trap of the premature senior.” She’s responding to an email from someone who is considering leaving a job where they have worked themselves into a senior role. Her advice?

Quit!

This might seem to be counter-intuitive, but it’s true. I really wanted to emphasize this one line—

There is a world of distance between being expert in this system and being an actual expert in your chosen craft. The second is seniority; the first is merely .. familiarity

Exactly! Knowing the CLI for one vendor’s gear, or even two vendor’s gear, is not nearly the same as understanding how BGP actually works. Quoting the layers in the OSI model is just not the same thing as being able to directly apply the RINA model to a real problem happening right now. You’re not going to gain the understanding of “the whole ball of wax” by staying in one place, or doing one thing, for the rest of Continue reading

Network Break 311: Apstra Gets Loud About SONiC; VMware Sinks More Hooks Into Networking

Each week Network Break runs vendor press releases through our patented ML algorithms to strip out the marketing & buzzwords. It doesn't leave us much to work with, but we do our best. Today's episode covers Apstra's IBN support for the SONiC NOS, IBM's purchase of APM newcomer Instana, VMware's furthering of its networking ambitions, a startup building 5G chips for the edge, and more.

The post Network Break 311: Apstra Gets Loud About SONiC; VMware Sinks More Hooks Into Networking appeared first on Packet Pushers.

The Week in Internet News: Siberian Student Climbs Tree to Get Internet Access

Great heights: As his classes move online, Russian student Alexei Dudoladov has to climb a birch tree to get Internet access, Reuters reports. The student at the Omsk Institute of Water Transport, which is nearly 1,400 miles east of Moscow, says his home Internet service is not strong enough to connect to online classes. “I need to go into the forest 300 meters from the village and climb a birch tree that is eight-meters high … and I get on Zoom to speak to professors and prove that I am not skipping class for no reason.”

Even greater heights: Meanwhile, the Ector County Independent School District in Odessa, Texas, is hoping that the new SpaceX satellite Internet service will help give students and teachers better Internet access, Education Dive says. The district is the first in the U.S. to work with SpaceX’s Starlink Internet service. A pilot project in early 2021 will include 45 families with students or teachers in the district.

Cybersecurity boss fired: U.S. President Donald Trump, who continues to insist he was the victim of massive nationwide voting fraud in his recent election loss to Joe Biden, has fired Christopher Krebs, who led the federal Continue reading

Why Is Public Cloud Networking So Different?

A while ago (eons before AWS introduced Gateway Load Balancer) I discussed the intricacies of AWS and Azure networking with a very smart engineer working for a security appliance vendor, and he said something along the lines of “it shows these things were designed by software developers – they have no idea how networks should work.

In reality, at least some aspects of public cloud networking come closer to the original ideas of how IP and data-link layers should fit together than today’s flat earth theories, so he probably wanted to say “they make it so hard for me to insert my virtual appliance into their network.

Worth Reading: Do Your Homework

Tom Hollingsworth wrote another must-read blog post in which he explained what one should do before asking for help:

If someone comes to me and says, “I tried this and it failed and I got this message. I looked it up and the response didn’t make sense. Can you tell me why that is?” I rejoice. That person has done the legwork and narrowed the question down to the key piece they need to know.

In other words (again his), do your homework first and then ask relevant questions.

Heavy Networking 551: An Insider’s Guide To The SONiC Network OS

SONiC is a network OS that can run on a variety of whitebox switches. Originally developed by Microsoft, SONiC is now an open-source project with distributions that target hyperscale and enterprise environments. Today's Heavy Networking is a deep dive into SONiC with Dave Maltz, a Technical Fellow at Microsoft who has been closely involved with SONiC's development. While Microsoft is a SONiC backer, this is an unsponsored episode.

The post Heavy Networking 551: An Insider’s Guide To The SONiC Network OS appeared first on Packet Pushers.

Calico Delivers “Wow Effect” with 6x Faster Encryption than Any Other Solution… Confirms Leadership in Latest Independent CNI Benchmark Tests

Benchmark tests measure a repeatable set of quantifiable results that serve as a point of reference against which products and services can be compared. Since 2018, Alexis Ducastel, a Kubernetes CKA/CKAD and the founder of InfraBuilder, has been running independent benchmark tests of Kubernetes network plugins (CNI) over a 10Gbit/s network.

The latest benchmark in this periodic series of tests was published in September, and was based on CNI versions that were up-to-date as of August 2020. Only CNIs that can be set up with a single yaml file were tested and compared, and included the following:

  • Antrea v.0.9.1
  • Calico v3.16
  • Canal v3.16 (Flannel network + Calico Network Policies)
  • Cilium 1.8.2
  • Flannel 0.12.0
  • Kube-router latest (2020–08–25)
  • WeaveNet 2.7.0

We are thrilled to report that among all of the CNI’s tested, Calico was the clear winner, excelling in nearly every category and delivering superlative results which are summarized in the chart below. In fact, Calico is the CNI of choice in the primary use cases presented by the author in the report’s summary.

The exceptional performance of Calico encryption was described as having the “real wow effect” among all of Continue reading

Monitoring failed login attempts on Linux

Repeated failed login attempts on a Linux server can indicate that someone is trying to break into an account or might only mean that someone forgot their password or is mistyping it. In this post, we look at how you can check for failed login attempts and check your system's settings to see when accounts will be locked to deal with the problem.One of the first things you need to know is how to check if logins are failing. The command below looks for indications of failed logins in the /var/log/auth.log file used on Ubuntu and related systems. When someone tries logging in with a wrong or misspelled password, failed logins will show up as in the lines below:To read this article in full, please click here

Edge computing: When to outsource, when to DIY

The edge is being sold to enterprise customers from just about every part of the technology industry, and there’s not always a bright dividing line between “public” options – edge computing sold as a service, with a vendor handling operational data directly – and “private” ones, where a company implements an edge architecture by itself.There are advantages and challenges to either option, and which is the right edge-computing choice for any particular organization depends on their individual needs, budgets and staffing, among other factors. Here are some considerations.To read this article in full, please click here

Edge computing: When to outsource, when to DIY

The edge is being sold to enterprise customers from just about every part of the technology industry, and there’s not always a bright dividing line between “public” options – edge computing sold as a service, with a vendor handling operational data directly – and “private” ones, where a company implements an edge architecture by itself.There are advantages and challenges to either option, and which is the right edge-computing choice for any particular organization depends on their individual needs, budgets and staffing, among other factors. Here are some considerations.To read this article in full, please click here

Tech Bytes: Pluribus Rethinks Open Networking For Better Programmability, TCO (Sponsored)

Today's Tech Bytes dives into Pluribus Networks’ Linux-based Netvisor ONE OS for white box switches. We also discuss Pluribus’ Adaptive Cloud Fabric, a distributed, controllerless SDN solution for deploying and automating data center fabrics that promises simpler operations and a lower TCO. Our guest is Alessandro Barbieri, VP of Product Management.

The post Tech Bytes: Pluribus Rethinks Open Networking For Better Programmability, TCO (Sponsored) appeared first on Packet Pushers.

A Different Viewpoint of Lock-In

First things first: Go watch this great video on lock-in from Ethan Banks (@ECBanks). We’ll reference it.

Welcome back. Still carrying that pitchfork around screaming about how you want to avoid vendor lock-in? Ready to build the most perfect automation system in history that does multi-cloud, multi-vendor, multi-protocol networking in a seamless manner with full documentation? Nice. How hard was is to build that unicorn farm?

I get it. No one wants to be beholden to a specific vendor. No one likes being forced into buying things. Everyone hates the life of the engineer forced to work on something they don’t like or had to use because someone needed a new boat. Or do they?

Ford and Chevys and Dodge, Oh My!

What kind of car do you drive? Odds are good you’re either ready to get a new one or you’re proud of what you’re driving. I find that the more flashy a car is the more likely people are to talk about how amazing it is. And when there are two dominant manufacturers in a market for cars, you tend to see people dividing into camps to sing the praises of their favorite brands. Ford people love their Continue reading

Getting to the Core: Benchmarking Cloudflare’s Latest Server Hardware

Getting to the Core: Benchmarking Cloudflare’s Latest Server Hardware
Getting to the Core: Benchmarking Cloudflare’s Latest Server Hardware

Maintaining a server fleet the size of Cloudflare’s is an operational challenge, to say the least. Anything we can do to lower complexity and improve efficiency has effects for our SRE (Site Reliability Engineer) and Data Center teams that can be felt throughout a server’s 4+ year lifespan.

At the Cloudflare Core, we process logs to analyze attacks and compute analytics. In 2020, our Core servers were in need of a refresh, so we decided to redesign the hardware to be more in line with our Gen X edge servers. We designed two major server variants for the core. The first is Core Compute 2020, an AMD-based server for analytics and general-purpose compute paired with solid-state storage drives. The second is Core Storage 2020, an Intel-based server with twelve spinning disks to run database workloads.

Core Compute 2020

Earlier this year, we blogged about our 10th generation edge servers or Gen X and the improvements they delivered to our edge in both performance and security. The new Core Compute 2020 server leverages many of our learnings from the edge server. The Core Compute servers run a variety of workloads including Kubernetes, Kafka, and various smaller services.

Configuration Changes (Kubernetes)

Previous Continue reading

Video: Know Your Users’ Needs

After explaining why you should focus on defining the problem before searching for a magic technology that will solve it, I continued the Focus on Business Challenges First presentation with another set of seemingly simple questions:

  • Who are your users/customers?
  • What do they really need?
  • Assuming you’re a service provider, what are you able to sell to your customers… and how are you different from your competitors?
The video is part of Business Aspects of Networking Technologies webinar and available with Free ipSpace.net Subscription.
1 2 3 2,688